Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
outlook anywhere internal hostname
Hi,
We have an exchange 2010 server. We have renewed our certificates. Because internal servernames cant be included in the certificates anymore, we have changed the internal hostnames for owa, ecp, oab etc etc. But we cant change the internal hostname for outlook anywhere.
Now the clients keep getting certificate mismatch error after starting outlook.
I was trying to change the internal hostname with the following command.
Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.mydomain.com -InternalClientsRequireSsl
A positional parameter cannot be found that accepts argument '-InternalHostname'.
+ CategoryInfo : InvalidArgument: (:) [Set-OutlookAnywhere], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFoun
Any help is apreciated.
Regards
We have an exchange 2010 server. We have renewed our certificates. Because internal servernames cant be included in the certificates anymore, we have changed the internal hostnames for owa, ecp, oab etc etc. But we cant change the internal hostname for outlook anywhere.
Now the clients keep getting certificate mismatch error after starting outlook.
I was trying to change the internal hostname with the following command.
Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.mydomain.com -InternalClientsRequireSsl
A positional parameter cannot be found that accepts argument '-InternalHostname'.
+ CategoryInfo : InvalidArgument: (:) [Set-OutlookAnywhere], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFoun
Any help is apreciated.
Regards
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
I've already set the autodiscover and web service virtual directory to point internal url to mail.mydomain.com. That works fine.
Outlook anywhere internal hostname has to be changed, why isn't above command working?
Outlook anywhere internal hostname has to be changed, why isn't above command working?
I don't think there is InternalHostname switch in that command.
If you check available parameters for that command, there is no InternalHostname switch.
https://technet.microsoft.com/en-us/library/bb124993(v=exchg.141).aspx
Regards,
If you check available parameters for that command, there is no InternalHostname switch.
https://technet.microsoft.com/en-us/library/bb124993(v=exchg.141).aspx
Regards,
This link is not for set-oulookanywhere, but for enable-outlookanywhere
I mean this https://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx
But after looking further, i see this is for exchange 2013. For exchange 2010 https://technet.microsoft.com/en-us/library/bb123545(v=exchg.141).aspx
there is indeed no internalhostname option for set-outlookanywhere in 2010
What can we do else, what you stated before has already been done except for the dns part. DNS is for the public zone is set up externally.
I mean this https://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx
But after looking further, i see this is for exchange 2013. For exchange 2010 https://technet.microsoft.com/en-us/library/bb123545(v=exchg.141).aspx
there is indeed no internalhostname option for set-outlookanywhere in 2010
What can we do else, what you stated before has already been done except for the dns part. DNS is for the public zone is set up externally.
Check out the below nice article from DigiCert.
https://blog.digicert.com/exchange-replacing-internal-names-certificates-part-2/
Read the details in "OutlookAnywhere Setting"
Zac.
https://blog.digicert.com/exchange-replacing-internal-names-certificates-part-2/
Read the details in "OutlookAnywhere Setting"
Zac.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Hi Shreedhar, the external hostname for outlook anywhere is already set correct.
Hi Zacharia, I've already read that article. I've ran the tool and all the exchange services already have the internal url's point to the external names.
So that part is ok. Now the outlook anywhere part.
According to the article I have to run the following command to check wether i have to set outlook anywhere or not.
Get-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" | fl InternalHostname, InternalClientsRequireSsl
The output of this command is nothing, empty, no text at all. See attached screenshot "screen1"
In "screen2" you can see the result of the command
Get-OutlookAnywhere -Identity "Hostname\Rpc (Default Web Site)"
Behind the blue color there is the internal hostname and/or local domain.
Behind the green color there is the external hostname mail.mydomain.com
In "screen3 certwarning" you can see the certificate warning. This warning can only be caused by the internal hostname of outlook anywhere. All the rest is set to external urls. As you can see in "screen4" and "screen5"
One last thing, the certificate error only occurs on outlook clients that reside on the same network as the exchange server. External outlook clients don't get the certificate error.
Regards,
screen1.PNG
screen2.PNG
screen3-certwarning.PNG
screen4-outlooksettings.PNG
screen5-outlooksettings.PNG
Hi Zacharia, I've already read that article. I've ran the tool and all the exchange services already have the internal url's point to the external names.
So that part is ok. Now the outlook anywhere part.
According to the article I have to run the following command to check wether i have to set outlook anywhere or not.
Get-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" | fl InternalHostname, InternalClientsRequireSsl
The output of this command is nothing, empty, no text at all. See attached screenshot "screen1"
In "screen2" you can see the result of the command
Get-OutlookAnywhere -Identity "Hostname\Rpc (Default Web Site)"
Behind the blue color there is the internal hostname and/or local domain.
Behind the green color there is the external hostname mail.mydomain.com
In "screen3 certwarning" you can see the certificate warning. This warning can only be caused by the internal hostname of outlook anywhere. All the rest is set to external urls. As you can see in "screen4" and "screen5"
One last thing, the certificate error only occurs on outlook clients that reside on the same network as the exchange server. External outlook clients don't get the certificate error.
Regards,
screen1.PNG
screen2.PNG
screen3-certwarning.PNG
screen4-outlooksettings.PNG
screen5-outlooksettings.PNG
Just forgot about DNS. Have you set up DNS records to resolve the external domain names to the internal IP address?
For example;
your internal exchange name "exsrv.abcd.local points to 192.168.1.1
your public exchnage name is "email.abcd.com"
then add a DNS record for email.abcd.com pointing to 192.168.1.1, in your AD DNS.
Zac.
For example;
your internal exchange name "exsrv.abcd.local points to 192.168.1.1
your public exchnage name is "email.abcd.com"
then add a DNS record for email.abcd.com pointing to 192.168.1.1, in your AD DNS.
Zac.
Hi,
See screen6.
Yes, i have pointed the external name to the internal ip address in DNS.
One thing i found out. When creating a new profile in outlook the certificate warning disappears.
Regards,
screen6.PNG
See screen6.
Yes, i have pointed the external name to the internal ip address in DNS.
One thing i found out. When creating a new profile in outlook the certificate warning disappears.
Regards,
screen6.PNG
Would it be a big deal to recreate the profile for your users? How many users do you have?
Another work around is to either use wildcard SAN SSL or create an internal cert.
Zac.
Another work around is to either use wildcard SAN SSL or create an internal cert.
Zac.
I think it's best to recreate the profles.
What about the self signed certificate? In exchange you can just attach 1 certificate to iis. How would you do that?
Regards,
What about the self signed certificate? In exchange you can just attach 1 certificate to iis. How would you do that?
Regards,
Forget about it (self signed). It was just a TYPO error
So if you can't afford a wild card cert, then go for the recreating the profile.
Zac.
So if you can't afford a wild card cert, then go for the recreating the profile.
Zac.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
you should first create DNS zone for you public name, eg. mydomain.com and point mail record to you exchange server, it's internal ip address, so that internal client connect directly to it.
After that you should reconfigure AutoDiscover for internal clients:
Set-ClientAccessServer -Identity Servername –AutoDiscoverServiceIntern
To check current AutoDiscover settings:
Get-ClientAccessServer |fl identity,autodiscoverservi
Change WebServices as well.
To check current setting:
Get-WebServicesVirtualDire
To reconfigure it:
Set-WebServicesVirtualDire
After this, there should not be certificate mismatch.
Regards,
Ivan.